fxa-auth-server/CHANGELOG

train-20
  * limit the number of pending scrypt hashes #783

train-19
  * belated major version 1 bump but maintain minor version count
  * fixed uid logging issue #755
  * nonceFunc logging is now trace instead of info level
  * updated many dependencies
  * removed awsbox

train-18
  * fixed internal server error on /certificate/sign #771
  * removed mysql and heap DB implementations #769
  * fixed log uid encoding issue #765
  * updated documentation

train-17
  * added locale to account #751
  * better db related error messages for httpdb #754
  * updated customs-server #756

train-16
  * updated hapi to 6.0.2

train-15
  * allow routes to use a base path for hosting in a subdirectory
  * updated dependencies
  * use poolee module for HTTP requests
  * code reorganization

train-14
  * moved email sending into fxa-auth-mailer #730
  * updated hapi-auth-hawk to mitigate bug (#700) #731
  * added `use_https` config option #728
  * always return an error on `__heartbeat__` failure #726
  * updated documentation

train-13
  * added contributing file #719
  * added MPL license file
  * fix for certificate sign requests when the provided key is invalid #717
  * fixed hawk payload verification bug #713
  * updated base email templates #709

train-12
  * verify an account if its unverified when forgot password verification succeeds #694
  * added 'accountRecreated' flag to the request summary log line #695
  * deprecate smtp.verificationUrl and passwordResetUrl in favor of contentServer.url #696
  * Update the URL for the customs server #702
  * add http datastore api #684

train-11
  * moved customs-server (fraud/abuse) to its own repo #685
  * improved the email based rate-limiting behavior

train-10
  * added email_bouncer.js for processing SES email bounces #678
  * fixed an email validation bug #681

train-09
  * noop

train-08
  * added /account/status #656
  * added basic email rate limiting #664

train-07
  * improve concurrent duplicate request handling #626
  * improved test coverage #628
  * added SNS account delete notifier #629
  * added fxa-verifiedEmail to the signed certificate #630
  * removed dependency on redis #634
  * added db_patcher for db migrations #643
  * improved redirectTo domain validation
  * updated readme design doc link #616
  * added /password/forgot/status endpoint #636
  * added /session/status endpoint #637
  * exit key_server when stdout is piped and the other process exits
  * improved mysql connection error handling

train-06
  * stop logging OPTIONS requests #619
  * fixed /verify_email uid parameter validation
  * default config.env to prod #614

train-05
  * fixed some i18n issues #611
  * use npm shrinkwrap #603
  * don't send verify emails to verified accounts #609

train-04
  * added `lockdown` for stable dependencies #19
  * refactored mysql.js #588
  * allow repeat signup against unverified emails #593
  * added cache-control to /.well-known/browserid #597
  * collect loggable data before authentication #601

train-03
  * upgrade hapi to 2.4.0
  * fixed password reset account lockout bug #575
  * upgrade mysql to 2.1.0
  * added mysql stat log lines
  * default mysql pools to 10 connections instead of 100
  * improved mysql connection error handling #581
  * check and cache ts+nonce pairs, not just plain nonces #584
  * disable HAWK timestamp checking in authentication #585

train-02
  * added `fxa-lastAuthAt` to signed certificates #547
  * load test enhancements
  * fixed redirectTo bug in /recovery_email/resend_code #563
  * updated mysql module from 2.0.0 to 2.0.1
  * improved mysql error handling #566
  * implemented new request logging convention #565
  * fixed remote test timing issue #512
  * more comprehensive email address validation #573
  * added CHANGELOG :)

train-01
  * all the things